Removing Keychain login message

hobblyjig · Feb 2, 2010

I work in a mac lab at a university. We recently upgraded to snow leopard.

The computers in the lab have a few accounts. One is for CSRs, one is for Teachers, and one is for students. The students login using their individual school ID number and password. Since upgrading to snow leopard when students login they get a message saying:

"The system was unable to unlock your login keychain"
(With three buttons: "Continue login", "Create New Keychain", "Update Keychain Password".)

According to apple they should just hit Create New Keychain and they won't get that message again. This has not proven to be the case. No mater what I try, all the students continue to get the message every time they login. Its not a huge issue, but a lot of them get confused and have to come ask for help.

I would like to know how to remove this message. As all the computers are public the Keychain feature is worthless to us, so if we need to remove the entire application that would be fine...but I can't seem to figure/find out how to do that.

Thank you!

6string · Feb 2, 2010

I would not recommend deleting the entire application, so first of lets try some troubleshooting.

Try this

and this

hobblyjig · Feb 3, 2010

I have tried them both, with no success

The first one had me deleting keychains in the keychain access utility. I thought it might actually work...but alas there was no effect. There is a keychain called "Login" I thought deleting that one would work for sure, but after deleting it and seeing no effect, I went back into the keychain access program and saw that it had magically returned

I'm not sure it is the problem though.

The second one had me repairing keychains with the keychain access first aid utility. There were errors, and I did repair them, but after the repairs the message still pops up when people login.

6string · Feb 3, 2010

Have you tried removing ~/Library/Keychains/login.keychain?
To see if it works, just drag it to the desktop or trash without deleting it.

clayneal · Feb 3, 2010

could this be in some way related to the imaging issue ? Just guessing

Clay

hobblyjig · Feb 4, 2010

6string said:
Have you tried removing ~/Library/Keychains/login.keychain?
To see if it works, just drag it to the desktop or trash without deleting it.

This doesn't seem to do anything. A new login.keychain file is created and the message still comes up.

I find it odd that there isn't a way to disable keychain. For home/personal use its great, but not in a public setting.

hobblyjig · Feb 4, 2010

clayneal said:
could this be in some way related to the imaging issue ? Just guessing

Clay

I don't believe so. Were working with a new clean image now. Also, the message thats coming up isn't a bug its supposed to come up according to apple.

Apple says:

"After entering your username and password at the login window in Mac OS X v10.6 Snow Leopard, you may see this alert:

"The system was unable to unlock your login keychain"
(With three buttons: "Continue login", "Create New Keychain", "Update Keychain Password".)

This may happen if you changed your login keychain password or user password (so they are now different passwords), while started from the Mac OS X v10.6 Install DVD."

While that maybe true we haven't changed our passwords, but we're getting the message anyway.

hobblyjig · Feb 5, 2010

Solved

We created a script to run at login which has resolved our issue.

Thanks for your help!

cpwon5 · Apr 8, 2010

I have the same issue here...

I am not sure if this is caused by combination of new v10.6 image with older server which is not on v10.6 yet. Machines have v10.5 are all working ok. The issue on appeared for LDAP users (network user)

Do you mine telling us what login script you put to remove the message?

hobblyjig · Jun 2, 2010

I had some messages asking about the script that we use so I figured I would post it here.

The script does more than you may want it to. We use the script to pull a template of the home directory whenever a user logs on. This is an effort to keep our machines somewhat clean.

#!/bin/tcsh -f

############################ login.sh ############
# Jordan Betteridge
# Created 8 January 2010
# BYU English Language Center
####################################################################

### Description ###
#
# The purpose of this script is to move the home directory
# of the user that was just logged in to a temporary location,
# then copy the user template to the Users directory to provide a
# fresh, consistent interface for the next user.
# This script assumes that you want to manage users that all have
# the same home directory specified in NetInfo or LDAP.
#
# If a user that just logged out realizes that they need
# something that was saved in the home directory, they can get to
# it by selecting "Go to Folder..." from the Finder's "Go" menu,
# then typing "/tmp". This script will only replace a home
# directory if the same user logs in (e.g. the default "student"
# user). If you login as the local admin, for example,
# the "student" user directory will still be in /Users.
#
# /tmp is cleared out on restarts. You could also create a cron task
# to remove these backups on a regular basis

### Properties ###
# For both elcuser and elcteacher accounts
set defGrp = staff
set tmpDir = /Library/Management/savedHomeDirs
set localAdmin = asstcsr

# For the elcuser account
set defHomeUser = /Users/elcuser
set defTemplateUser = /Library/Management/elcusertemp

# For the elcteacher account
set defHomeTeacher = /Users/elcteacher
set defTemplateTeacher = /Library/Management/elcteachertemp

### Debug/testing sanity check ###
if ( $#argv < 1 ) then
echo "No user specified!"
exit 1
endif

# If this is the elcteacher account...
if ( $1 == "elcteacher" ) then
# Create a timestamp for the temporary home directory storage
set time = `date ''+%m-%d-%y_%H.%M.%S''`

# Move the home directory
mkdir -m 755 "${tmpDir}/prevuser.$time"
mv $defHomeTeacher "${tmpDir}/prevuser.$time"

# Copy a new default home directory from the user template
/usr/bin/ditto -rsrcFork $defTemplateTeacher $defHomeTeacher

# Change the ownership of the new home directory to the user logging in
/usr/sbin/chown -R ${1}{defGrp} $defHomeTeacher
endif

### Script actions ###
# If this any type of elcuser account...
if ( $1 != "asstcsr" && $1 != "elcteacher" && $1 != "elctest" && $1 != "iLife") then
# Create a timestamp for the temporary home directory storage
set time = `date ''+%m-%d-%y_%H.%M.%S''`

# Move the home directory
mkdir -m 755 "${tmpDir}/prevuser.$time"
mv $defHomeUser "${tmpDir}/prevuser.$time"

# Copy a new default home directory from the user template
/usr/bin/ditto -rsrcFork $defTemplateUser $defHomeUser

# Change the ownership of the new home directory to the user logging in
/usr/sbin/chown -R ${1}{defGrp} $defHomeUser
endif

### Always exit with 0 status
exit 0

The key is that in the template that the script pulls on login we have deleted the login.keychain file. Using this principle you could modify the script to just replace that one keychain folder instead of the whole home directory.

It may not be exactly what you need, but hopefully you've been inspired

View attachment login.sh.zip

View attachment login.txt

jsnodgrass18 · Jun 2, 2010

Ok all of you are looking at this and making it way too complicated.
this is all you have to do:
1. click the maginifying glass in the top right hand corner of screen
2. type keychain access
3. click the application keychain access
4. next to the apple in the top left hand corner of screen click the word keychain access
5. then click reset my keychain or reset my default keychain
6. then type in your login password
7. then restart the computer
8. resolved
O:)

rsunnybrook · Jun 2, 2010

Thanks for posting solutions, hobblyjig and jsnodgrass! In my case I had created a new default user account. After customizing it I needed to delete the login keychain, both files and references. When I did that and restarted I was able to successfully replace the original default folder and log in under various accounts without getting the nag screen.

travelbugs · Dec 21, 2017

Just wanted to say thanks it worked for me this method of yours.

jsnodgrass18 said:
Ok all of you arJust wanted to say thanks it worked for me this method of yours. e looking at this and making it way too complicated.
this is all you have to do:
1. click the maginifying glass in the top right hand corner of screen
2. type keychain access
3. click the application keychain access
4. next to the apple in the top left hand corner of screen click the word keychain access
5. then click reset my keychain or reset my default keychain
6. then type in your login password
7. then restart the computer
8. resolved

Just wanted to say thanks it worked for me this method of yours.

IWT · Dec 21, 2017

@rsunnybrook and @travelbugs

Welcome to our Forums, Glad to have you along.

It's always a pleasure to hear from people who have found a solution from previous posts.

I don't know if @jsnodgrass18 is still a member, as it is over 7 years since the last post to this thread.

Nevertheless, good to hear from you and I hope you stay with us.

Ian

harryb2448 · Dec 22, 2017

For the next seven days whilst we are here, anyway!